HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

Key: "Y" - Normally leave to run at start-up "N" - Not required - typically infrequently used tasks that can be started manually if necessary "U" - User's choice - depends whether a user deems it necessary "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs" "?" - Unknown

	Startup Name	Process Name	Details
X		system32.exe	"Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field"
X		pathex.exe	"Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field"
X		svchost.exe	"Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field"
X		MSPF.EXE	"Added by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field"
X		dllvirtual.dll	"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
X		dllvirtual.exe	"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
X		dllvirtual.js	"Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field"
X		ajsha5.exe	"Added by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field"
X		ne.exe	"Added by the IRCBOT-ZL TROJAN!"
	Note - not be mistaken for the MSN Messenger file of the same name!"
	Note the filename has a ""0"" rather than an upper case ""o"""
Y	!1_pgaccount	pgaccount.exe	"DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system and this is essential for PG to work properly"
Y	!1_ProcessGuard_Startup	procguard.exe	"DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background as well as a variety of other attacks"
U	!AVG Anti-Spyware	avgas.exe	"Part of AVG Anti-Spyware from Grisoft"
U	!ewido	ewido.exe	"Part of Ewido anti-spyware"
N	!NoLoad	winrecon.exe	"WinRecon keystroke logger/monitoring program - remove unless you installed it yourself!"
U	"aimb.exe"" -h"	aimb.exe	"IMSufSentinel is a spy program which can record IM conversations log keystrokes record URLs visited and take screenshots. If you didn't install this yourself remove it"
X	"Vaganza-XPloit-[User Name]"""	[user name].exe	"Added by the GAVGENT.A WORM!"
U	$EnterNet	Enternet.exe	"Connection manager for the EnterNet ISP. You can also use RASPPOE"
X	$sys$cmp	$sys$xp.exe	"Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer"
X	$sys$crash	$sys$sonyTimer.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$crash	$sys$sos$sys$.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$crash	$sys$WeLoveMcCOL.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$drv	$sys$drv.exe	"Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer"
X	$sys$momomomochin	$sys$sonyTimer.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$momomomochin	$sys$sos$sys$.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$momomomochin	$sys$WeLoveMcCOL.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$umaiyo	$sys$sonyTimer.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$umaiyo	$sys$sos$sys$.exe	"Added by the WELOMOCH TROJAN!"
X	$sys$umaiyo	$sys$WeLoveMcCOL.exe	"Added by the WELOMOCH TROJAN!"
U	$Volumouse$	volumouse.exe	"Volumouse from Nirsoft. ""Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"""
X	$WindowsRegKey%update	IEXPLORE.EXE	"Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
?	%cmpmixtitle%	%cmpmixstr%	"Possibly related to C-Media Mixer Control panel?"
N	%FP%012-L2TP fts.exe	fts.exe	012.Net.il Israeli ISP software front-end
U	%FP%012-L2TP FWPortal.exe	FWPortal.exe	012.Net.il Israeli ISP dial-up software
N	%FP%1776 Internet fts.exe	fts.exe	1776 Internet US ISP software ISP software front-end
U	%FP%1776 Internet FWPortal.exe	FWPortal.exe	1776 Internet US ISP dial-up software
N	%FP%AIRTEL fts.exe	fts.exe	"Bharti Airtel Broadband - Indian ISP software front-end"
N	%FP%Barak013 fts.exe	fts.exe	Barak013 Israeli ISP software front-end
U	%FP%Barak013 FWPortal.exe	FWPortal.exe	Barak013 Israeli ISP dial-up software
N	%FP%Friendly fts.exe	fts.exe	Friendly ISP software front-end
U	µTorrent	utorrent.exe	"µTorrent - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu memory and space as possible while offering all the functionality expected from advanced clients"
X	(*)API Machine	winSOCKS.exe	"Homepage hijacker see here (* = any digit)"
X	(*)Run	win32API.exe	"Homepage hijacker see here (* = any digit)"
X	(Default)	media_driver.exe	"Added by the TUPEG VIRUS! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	Shania.vbs	"Added by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	NOTEPAD.exe	"Added by the RUSTY WORM! Note - not to be confused with the valid Windows ""NOTEPAD"" text editor! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	[random filename].exe	"Added by the BLACKMAL WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	twunk_32.exe	"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	winhelp.exe	"Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	spolsvr2.exe	"Added by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	winbas12.exe	"Adware CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	Systrsy.exe	"Added by the CDTRAY TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	llsass.exe	"Added by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	syspol.exe	"Added by the DREMN-B TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	winlog.exe	"Unidentified adware. Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(default)	rundll32.exe [path to DLL file]Do98Work	"Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	winligom.exe	"Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	5640.exe	"Added by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the ""(Default)"" key in HKCU\Run HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	fada.exe	"Detected by Trend Micro as the VB.HEI TROJAN! See here. Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	Mcafee.exe	"Detected by Kaspersky as the AGENT.AY TROJAN! See here. Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the ""(Default)"" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(Default)	QQUpdate.exe	"Added by the QUADRULE.A WORM! Note - this malware actually changes the value data of the ""(Default)"" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank"
X	(L4r1$$4) (4nt1) (V1ruz)	SP00Lsv32.pif	"Added by the ASSIRAL.B WORM!"
X	*Bandook	msdll.exe	"Added by an unidentified TROJAN - see here"
X	*JanisRuckenbrodII	janis.com	"Added by the POPS WORM!"
X	*Microsoft Update	ctxma.exe	"Added by the STMU TROJAN!"
X	*Microsoft Update	cxma.exe	"Added by the STMU TROJAN!"
X	*Microsoft Update	wstcl.exe	"Added by the STMU TROJAN!"
X	*Microsoft Update	wucxt.exe	"Added by the STMU TROJAN!"
X	*Microsoft Update	wuytc.exe	"Added by the STMU TROJAN!"
X	*MS Setup	[random filename]	"Virtumondo adware also known as the VUNDO TROJAN!"
X	*MSConfig32	aecache.exe	"Detected by F-Secure as the OBFUSCATED.GP TROJAN!"
Y	*Restore	rstrui.exe	Part of Windows System Restore and added as a RunOnce registry entry. Leave alone
X	*Security Center	secctr.exe	"Added by the SDBOT.BRO WORM!"
Y	*StateMgr	statemgr.exe	Windows ME default for System Restore. Do NOT disable!
N	*WerKernelReporting	WerFault.exe	"Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here"
X	*windows update	wrauclt.exe	"Added by the RBOT-QU WORM!"
X	*windows update	wuanclt.exe	"Added by the RBOT-PG WORM!"
X	*windows update	wuaucrlt.exe	"Added by the SPYBOT.HUR WORM!"
X	*windows update	wuraclt.exe	"Added by the RBOT-PO WORM!"
X	*windows update	wurauclt.exe	"Added by the RBOT-SY WORM!"
X	*windows update	wsctl.exe	"Added by the SPYBOT.PR WORM!"
X	*windows update	wkmst.exe	"Added by the SDBOT.AVD WORM!"
X	*windows update	wscxt.exe	"Added by the RBOT.AOS WORM!"
X	*windows update	waurclt.exe	"Added by a variant of the RBOT WORM!"
X	*Windows [filename] Checker	[filename]	"Added by the KEDEBE-B WORM!"
X	*WindowsAudio	systemupd.exe	"Added by the AGENT-TH WORM!"
X	*WinLogon	[trojan path] ren time:[random number]	"Added by the VUNDO TROJAN!"
X	*winstats	winstats.exe	"Added by the GARGAFX TROJAN!"
X	*wuauclt.exe	w****.exe [* = random char]	"Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe wtmsv.exe wxmst.exe wmsvc.exe and so on..."
X	-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+	ISASS.exe	"Added by the ASSIRAL.B WORM!"
Y	-FreedomNeedsReboot	ZkRunOnceR.exe	Internet Security Suite used by ISPs to protect customers against many attacks
X	..	ABC2007.exe	"Added by the DLOADR-ASH TROJAN!"
X	.mscdr	lassa.exe	"Added by the WEBUS.C TROJAN!"
X	.mscdr	lsvchost.exe	"Added by the WEBUS.D TROJAN!"
X	.mscdsr	lsvchost.exe	"Added by the BDOOR-CR BACKDOOR!"
X	.mscsbl	svhost.exe	"Added by the CMQ TROJAN!"
X	.msfupdate	msveup.exe	"Added by the ALLOCUP.A WORM!"
X	.mssecure	mssecure.exe	"Added by the DDOS_BOXED.X TROJAN!"
?	.NET config	sysmon32.exe	"??"
X	.NET.	msnmgnr.exe	"Added by the DELF.AYF WORM!"
X	.norton	rchost.exe	"Added by the BOXED-H TROJAN!"
X	.nvsvc	smss.exe	"Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!"
X	.nvsvcb	smssb.exe	"Added by the BOXED.CG TROJAN!"
X	.Prog	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process which should not appear in Msconfig/Startup!"
X	.Prog	winlogon.exe	"Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!"
X	.protected	N/A	"Smitfraud variant"
X	.svchost	CSRSS.EXE	"Added by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	.TEXTCONV	csrss.exe	"Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	.TEXTCONV	lsass.exe	"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder"
X	.WMAudio	csrss.exe	"Added by the WEBUS TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	.WMAudio	lsass.exe	"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder"
N	/l:eng	N/A	Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file but it's easily available using the search function
U	000	pit.exe	"PrivateEye surveillance software. Uninstall this software unless you put it there yourself"
X	000hpdllhos	hpdllhost.exe	"LZIO.com adware downloader"
U	000StTHK	000StTHK.exe	Toshiba Hot key functionality for the function keys (Fn-Esc Fn-F1 (lock) Fn-F2 Fn-F3 Fn-F4 Fn-F5 (switching between laptop and CRT display output) etc...)
X	0050726-007-i32-1	0050726-007-i32-1.exe	"Added by the BANCBAN-EC TROJAN!"
?	00DSKSVR00	desksaver.exe	"Related to Advanced Desktop Shield"
?	00DSKSVR01	desksaver.exe	"Related to Advanced Desktop Shield"
Y	00PCTFW	FirewallGUI.exe	"PC Tools Firewall Plus - ""powerful free personal firewall for Windows that protects your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network"""
Y	00TCrdMain	TCrdMain.exe	Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards
U	00THotkey	00THotKey.exe	For Toshiba Satellite notebook series to use the front buttons play stop next prev.
U	00THotkey	system32THotkey.exe	For Toshiba Satellite notebook series to use the front buttons play stop next prev
U	0190 Warner	WARN0190.EXE	"Anti-dialer program (Germany)"
U	0900 Warner	WARN0900.EXE	"Anti-dialer program (Germany)"
X	0mcamcap	0mcamcap.exe	"Added by the COSIAM-H TROJAN!"
X	0utlook Express	*****.exe [* = random char]	"Added by the RBOT-CC WORM! Note the first letter is actually the digit ""0"" and not a capital ""o"""
X	1	1.exe	"Added by the ESTEEMS TROJAN!"
X	1	lsass.scr	"Added by the BANCOS.V TROJAN!"
X	1	svchost.scr	"Added by the BANCOS.X TROJAN!"
X	1	mrcmgr.exe	"Detected by Kaspersky as the BANKER.RQK TROJAN! See here"
N	1&1 EasyLogin	EasyLogin.exe	"1&1 EasyLogin - quick access to webhost 1&1's Control Panel Web-Mail and other applications via the System Tray"
X	1-sukarno	sukarno.exe	"Added by the BRONTOK-CR WORM!"
U	101Clips	101Clips.exe	"101Clips - ""the simplest of all multi-clipboard programs. Just have it running minimized and it captures everything you cut or copy from other programs. It keeps the last 25"""
X	1029BB4B-16A9-4E77-AA3D-96930BD68EEC	sysockeu.exe	"Detected by McAfee as the FAKEALERT-AH TROJAN! See here"
X	1111swapmgr.exe	1111swapmgr.exe	"Added by the BDOOR-IC BACKDOOR!"
X	123456	rundll32.exe shell32.dll Control_RunDLL ...123456.cpl	"Added by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number"
X	1234klsjdc uiar924c af	sxgnsvuxct.exe	"Detected by McAfee as the FAKEALERT-AM TROJAN! See here"
X	1234klsjdc uiar924c af	sysvtypkbjx.exe	"Detected by McAfee as the FAKEALERT-AM TROJAN! See here"
X	123Monitor	SpywareFreeMonitor.exe	"1-2-3 Spyware Free rogue spyware remover - not recommended see here"
U	12Ghosts Backup	12backup.exe	"12Ghosts Backup - ""Automatic Backups HyperBackup for Multiple Versions Registry Backup"""
U	12Ghosts Clip	12clip.exe	"12Ghosts Clip - ""Screen shots made easy"""
U	12Ghosts JustAWindow	12window.exe	"12Ghosts JustAWindow - ""Cover annoying ads animated gifs things you don't want to see"""
U	12Ghosts Popup-Killer	12popup.exe	"12Ghosts Popup-Killer"
U	12Ghosts SaveLayout	12autosl.exe	"12Ghosts SaveLayout - ""Always (always!) keep the layout of your desktop icons"""
U	12Ghosts SetColor	12color.exe	"12Ghosts SetColor - ""Change your desktop icon text colors also to transparent"""
U	12Ghosts ShowTime	12showtime.exe	"12Ghosts Showtime - ""Enhance the clock in your tray with font formatting colors date time zones"""
U	12Ghosts Synchronize	12sync.exe	"12Ghosts Synchronize - ""Sync PC clock with an atomic clock over the Internet"""
U	12Ghosts Tower	12tower.exe	"12Ghosts Tower - ""Quickly access and manage all Ghosts (included in all packages)"""
U	12Ghosts TrayProtect	12srvc.exe	"12Ghosts TrayProtect - ""Hide tray icons restore after a crash"""
U	12Ghosts Wash	12wash.exe	"12Ghosts Wash - ""Protect your privacy clear browser history delete and overwrite cache files"""
N	12Voip	12Voip.exe	"12Voip - free internet telephony utility using the VoIP (Voice over Internet Protocol). Call online friends for free and regular phones either for free (limited use) or low rates. One of a number provided by Betamax - the others generally have different rate plans. Similar to the more popular Skype"
?	17779Proj2002	N/A	"??"
X	180adsolution	180adsolution.exe	"NCase adware"
X	180ax	180ax.exe	"NCase adware"
X	180ClientStubInstall	stubinstaller****.exe [* = digit]	"180Solutions adware related"
X	180ClientStubInstall	[path to trojan]	"180Solutions adware related"
X	180ClientStubInstall	******.tmp [* = random digit/char]	"180Solutions adware related"
X	1916435341.exe	1916435341.exe	"Added by the DLOADR-AXU TROJAN!"
X	196_150_ni	196_150_ni.exe	"WinFixer web installer. Winfixer is ""Foistware"" pretending to be system optimization protection and recovery software - stealth installed see here"
X	197_150_ni_3	197_150_ni_3.exe	"WinFixer web installer. Winfixer is ""Foistware"" pretending to be system optimization protection and recovery software - stealth installed see here"
N	1:	hpdrv.exe	HP utility for monitoring when and how many recoveries have been done
N	1A:MacVisionTrayMonitor	TrayMonitor.exe	Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
Y	1A:Stardock MCP	mcpserver.exe	Master Control Program for Stardock apps in development. People should leave it running if they're using any of the Stardock applications
Y	1A:Stardock TrayMonitor	TrayServer.exe	For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
?	1CmailS	NETMAIL.EXE	"??"
X	1on1	1on1.exe	Adult content dialler
U	1Srv32	SpyAgent4.exe	"SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC.""
X	1u7	1u7.exe	"Added by the MURBAC-A TROJAN!"
U	1Win32Cfg	SpyBuddy.exe	"SpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself!"
U	1Win32Cfg	Keyloggerpro.exe	"Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!"
X	1WinCfg32	WebMailSpy.exe	"WebMailSpy spyware"
X	2-suharto	suharto.exe	"Added by the BRONTOK-CR WORM!"
X	2020Downloader	mssvr.exe	"2020Search Toolbar"
X	2177F056-0AA6-4D6C-A944-13F71F341C29	sysokuaw.exe	"Detected by McAfee as the FAKEALERT-AH TROJAN! See here"
U	24Online Client	CyberoamClient.exe	"Related to Cyberroam from Elitecore Technologies Ltd"
X	252	winmgr.exe	"Added by the LEGMIR-AT TROJAN!"
X	27	slsorve.exe	"Added by the SLSORVE-A TROJAN!"
X	27	csrss32.exe	"Added by the SLSORVE-D TROJAN!"
X	27	msm32.exe	"Added by the SLSORVE-E TROJAN!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Powered By Pac's Startup list